CVE-2010-1772Use After Free in Google Chrome

CWE-416Use After Free8 documents5 sources
Severity
8.8HIGHNVD
EPSS
2.1%
top 15.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Google ChromeCanonical Ubuntu LinuxFedoraproject Fedora+2 more
Timeline
PublishedSep 24
Latest updateMay 13

Description

Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDgoogle/chrome< 5.0.375.70
NVDopensuse/opensuse11.2, 11.3+1

Also affects: Fedora 12, 13, Ubuntu Linux 10.04, 10.10, 9.10, Enterprise Linux 6.0

Patches

Patch: trac.webkit.orgPatch: bugzilla.redhat.comPatch: trac.webkit.org

🔴Vulnerability Details

1
GHSA
GHSA-55g3-7rvc-rxxm: Use-after-free vulnerability in page/Geolocation2022-05-13

📋Vendor Advisories

1
Red Hat
WebKit: use-after-free vulnerability in handling of geolocation events2010-06-07

📐Framework References

1
CWE
Use After Free

💬Community

4
Bugzilla
Please update to webkitgtk-1.2.32010-07-18
Bugzilla
update webkitgtk to 1.2.32010-07-16
Bugzilla
CVE-2010-1772 CVE-2010-1773 webkitgtk various flaws [fedora-all]2010-06-21
Bugzilla
CVE-2010-1772 WebKit: use-after-free vulnerability in handling of geolocation events2010-05-26